lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: dotslash at snosoft.com (KF)
Subject: CERT, Full Disclosure, and Security By O

I also want to make it clear I did not mean to imply that Steven was 
trying to collect 0day rather he has been going what I would consider 
"above and beyond" to make sure issues that have already been reported 
get properly documented so that all may benefit.

-KF



hellNbak wrote:
> How predictable.  What are you 12?
> 
> On Fri, 31 Jan 2003, Georgi Guninski wrote:
> 
> 
>>Steven M. Christey proposed the responsible disclosure lame draft and signed it.
>>I find it quite hipocritical to propose delaying of information, and at the same
>>time mitre to get the 0days before they are released.
> 
> 
> So because Mitre proposes a "lame draft" you all of a sudden have a huge
> problem with them?  Where in the draft did it say anything - or on
> Mitre's web site for that matter - that they collect zero days?  I mean maybe I
> have to learn how to read better or pay more attention to Christey's talks
> but I have never heard of Mitre collecting code. AFAIK - they rely on
> outside information sources.
> 
> That being said, even if they did collect zero days. how is that
> hypocritical?  An example of hypocritical would be helping company find
> and bury security issues while spending all your time hacking their
> competing products....maybe thats not hypocritical and just unethical...
> 
> 
>

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux